From 32561916ec636f75bbc9c442577c8c0d0a1e1a42 Mon Sep 17 00:00:00 2001
From: Sebastian Wieland <git-commits@nwie.land>
Date: Tue, 28 Dec 2021 11:01:01 +0100
Subject: [PATCH] Automatic pinentry

---
 README.md          |  8 ++++++++
 unlock_keyrings.sh | 10 ++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 4ff65ba..d4f3a36 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,14 @@ Then, add the following command to gnome-autostart. You should know how to auto-
 /path/to/this/project/unlock_keyrings.sh /path/to/your_secret
 ```
 
+Optionally, if you don't want to enter your GPG smartcard pin every time you log in, add it as parameter to the command. If your pin is e.g. 123456:
+
+```
+/path/to/this/project/unlock_keyrings.sh /path/to/your_secret 123456
+```
+
+This obviously weakens the security of the private key, so obviously only do this if you're comfortable with having your pin stored on your disk in plain text.
+
 You're all set! Re-login and have a try!
 
 ## FAQ
diff --git a/unlock_keyrings.sh b/unlock_keyrings.sh
index 5638eec..3211973 100755
--- a/unlock_keyrings.sh
+++ b/unlock_keyrings.sh
@@ -3,8 +3,9 @@
 
 _self_bin_name="$0"
 secret_file="$1"
+smartcard_pin="$2"
 
-[[ "$secret_file" = '' ]] && echo "Usage: $0 <secret_file>" && exit 1
+[[ "$secret_file" = '' ]] && echo "Usage: $0 <secret_file> [<smartcard pin>]" && exit 1
 
 function where_is_him () {
     SOURCE="$1"
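Review bot: Taking the PIN as `$2` puts it on the script's own command line, and the second hunk forwards it to gpg with `--passphrase`, so it is visible to other local users in the process list while either command runs, on top of being stored in the autostart entry. Consider treating `$2` as the path to a file readable only by its owner and building the options as `gpg_options=(--pinentry-mode loopback --passphrase-file "$smartcard_pin_file")`, which keeps the value out of argv. The usage string would then read `[<smartcard pin file>]`, and the README example would change to match. The body of `where_is_him` continues outside this hunk.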
@@ -22,8 +23,13 @@ function where_am_i () {
     [[ "$_my_path" = "" ]] && where_is_him "$_self_bin_name" || where_is_him "$_my_path"
 }
 
+gpg_options=()
+if [[ ! "$smartcard_pin" = '' ]]; then
+    gpg_options=("--pinentry-mode" "loopback" "--passphrase" "$smartcard_pin")
+fi
+
 cd `where_am_i` &&
-gpg --decrypt "$secret_file" | bin/unlock_keyrings --secret-file - --quiet
+gpg "${gpg_options[@]}" --decrypt "$secret_file" | bin/unlock_keyrings --secret-file - --quiet
 
 exit $?
 
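Review bot: With a stored PIN, a gpg failure in this pipeline goes unnoticed, because `exit $?` reports only the status of `bin/unlock_keyrings` unless `pipefail` is enabled. The top of the script is outside the hunk, so it may already be set. A stale or mistyped PIN would then be presented to the card again on every login, and smartcards normally block the PIN after a few wrong attempts, so it is worth surfacing that failure. Adding `set -o pipefail` before the `cd` line makes the exit status reflect a gpg error. A short comment above `gpg_options=()` saying that an empty array leaves gpg on its normal pinentry prompt would also help readers.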
-- 
GitLab